Power LED Attack - Computerphile
Key Takeaways
The Power LED Attack is a method of extracting a secret key by analyzing the flickering of an LED, as discussed by Dr Mike Pound and detailed in the research paper available at https://bit.ly/C_PowerLED
Full Transcript
Well, so we're not talking about moiré patterns, despite the fact that I've worn, you know, the worst shirt ever. Um, yeah, so I'm afraid you're just going to have to put up with that.

This interesting paper came out a couple of weeks ago, which was doing some rounds on social media because it's just quite an interesting concept. And the concept is basically extracting secret keys from smart cards and other devices by just looking at the flickering of LEDs on their power circuits. So in essence, you look at the LED, it flickers on and off a little bit as the power consumption changes, and you can read off the secret key, which is just ridiculous as a concept, right? But it actually kind of makes sense when you break down how it works. It does sound a bit far-fetched, which is what's so cool about it.

In actual fact, side-channel attacks like this, power analysis and things, have actually been quite common in the past, and so maybe we talk mostly about that, and just in general how they work, before we talk a bit about the LED thing. I suppose the take-home message really is, apart from it's really interesting, is this is a lot harder to stop than you think, right? If you don't think about this when you implement your cryptographic algorithm, you could have your LEDs giving away all your secrets.

Okay, so we're going to put this aside for a moment and just think about power analysis. We actually did a video on the square-and-multiply algorithm, if you recall, a little while ago, which, if I do say so myself, is a great video and you should definitely, definitely watch it. But actually something I mentioned in that video very briefly was the idea that if you're not careful with your implementations of algorithms like this, they can be vulnerable to something called power analysis, or the idea that you can look at how much power this is consuming on the CPU or from the power supply and start to actually read off secret bits of key, right? Which doesn't seem very likely at all, but actually
if you're bad at your implementation, it's quite straightforward. So if we look very briefly back at how that worked: when you do an RSA digital signature, one of the operations you do is you take some form of your message, let's call it M or M prime or something, which is maybe like a hash of your message or a padding of your message, and you're going to raise this number to the power of your private key, right, mod some giant number n. Now, if you remember when we talked about binary exponentiation, or the square-and-multiply algorithm, what you would actually do is you would represent this D here as binary, and then you would do a series of square or multiply operations to calculate that sum really, really quickly, because otherwise you could never do it in time.

So for example, if your current value was x to the 101, and that's in binary, and you needed to get to 1010, you could square this number, right? So that would be x to the 101 times by x to the 101 is equal to x to the 1010, right? Very straightforward. And if you wanted to increase it by one, you could do x to the 1010 times by x is equal to x to the 1011, right? Now that's the whole algorithm, I've put a video, you just do a series of these and you can converge on whatever this private key is.

So what do we do with this as an attacker? Well, that means that, suppose your secret key is 10110011. Now, in practice it would be quite a lot longer than this. And suppose you're in the middle of this algorithm: if you see a zero you're going to need to do a square; if you see a one you need to first produce the zero, then produce the one, so you need to do a square followed by a multiply, which is essentially two operations. So sometimes you use one operation and sometimes you use two operations, and which of those you do will depend on if you've got a zero or a one in your private key. That's a dangerous place to be, right? Because if you, suppose you put some kind of sensor device on the power supply, or you were looking at the LED and it was
reflecting the amount of power consumption that, let's say, the CPU or the cryptographic chip, whatever it was in this system, was doing, you might see something like this. So maybe this is your graph, or power analysis: power, and this is time. And you see it kind of do this, and it's using some power, and suddenly it just sort of spikes up like this and then comes back down, right? And then maybe it spikes up again and comes back down, and it spikes up again and it comes back down, right? And what you realize is that that is a multiply and that is a square and a multiply together, because it takes longer, right? And you think, well, that's actually a bit simple now to read off the bits, because that's one zero one one, you know, and even I could write that code.

And it's surprisingly difficult to stop these things, and you have to give it real thought, right? So what I mentioned in the previous video was what you might do is you might do something like the square-always-multiply algorithm, or some variant of this, where you're always doing a square and a multiply even if it's a zero, and that way this happens in constant time and you don't have this issue where it goes quicker or slower or takes more or less power depending on the bits of the key.

There are loads of variants of this, including two variants that are in this paper, right? So one of the ones in the paper is how long the signature process takes for an elliptic curve DSA signature can divulge, with enough of these, what the secret key is, because basically it informs us on how many leading zeros there are in the random number that was used during signature, right? Now we're not going to delve all into that attack, but you can get the idea that if you could measure the power or the time that things take, it could give you some clues as to what the secret keys might be. That in itself is super, super interesting.

Now what this paper has done, which is perhaps even more interesting, is they've managed to do away with the fact that
I've had to sneak in and stick something on the power cable to work out what's going on here, right? That's a perfectly reasonable attack. If I say I can break your secret key, but to do it I have to get into the server room and plug something in, that's still a huge problem, because that could happen. I put on the hi-vis jacket and I say I've got, I wave some ID. You have a ladder on your arm. Have a ladder, it makes it look like I'm fixing the air conditioning or something, and actually I've got my little, little device. Um, you wouldn't be able to argue that that was cryptographically secure, but if you can do this remotely over a camera on the internet, that would be, I would argue, even less secure. So that's where this paper is coming from.

So what they've noted is that the circuitry that controls a power LED on some of these devices is essentially the same battery and same circuitry that's used to do the computation, right? They're all on the same kind of circuit, and that means that as the power consumption of the CPU changes, the power going through the LED also changes, and that results in very, very slight but notable differences in the intensity of these LEDs over time. So you might imagine a situation, just like how I was reading off the power of a device by putting some specialist hardware on it, I just look at an LED and it goes like bright, dim, bright, dim, bright, dim, like this, and I can start reading off bits or interpreting that in some way, depending on the algorithm being used. That's a huge problem.

Um, now one of the issues with this is that, you know, these are not slow algorithms, right? CPUs are very fast, even on smart card readers and smart cards, and that means that the changes in the LED are going to be both very, very slight but also really rapid, right, in the order of, you know, nanoseconds, milliseconds, kind of a time scale, and we don't have cameras, or at least I can't afford a camera, that runs at that kind of frame rate. So what they did in
this particular paper was they used the rolling shutter effect on a camera to massively increase the frame rate, because all they care about is the general intensity of the LED, not exactly where it is. So imagine a situation where you've zoomed your camera right into an LED, right, either because you've got a camera with a zoom attached to it or you've held your phone really close, right? Now, it might be a bit obvious what you're doing, but, you know, let's go with it. So your field of view of your picture has this little, giant whacking LED right in the middle of it, like this, right? Now this LED is going up and down as cryptographic operations are happening, and of course it doesn't match everything, oh, we'll come to that. It doesn't, no, it doesn't matter if it's in focus; if anything, it's probably slightly better if it's not in focus, because it averages things out nicely. Now we won't worry about the edge, but you maybe zoom in a bit further when you get everything in.

Now this camera, let's say on your iPhone or your IP-based camera that you managed to hack into, right, maybe that's operating at about 60 frames a second or something like this. That is nowhere near fast enough to capture the kind of imperceptible changes that are happening to this LED. But the camera isn't actually capturing an image every 60th of a second, right? There are lots of really cool videos, including by Smarter Every Day, Stand-up Maths, on rolling shutter effects and the weird things that happen to propellers and stuff like this. Exactly the same process. Essentially what happens is the camera scans down the rows, capturing bits of image as we go, right, because that's the easiest way to offload them. So we capture the first row, and then the next row, and then the next row, and then the next row, and so across a row that might happen quite rapidly, and between rows we might see, this is now, this LED got slightly dimmer when we got to this row and then slightly brighter again when we got to this row, and we
might find that. But basically, if you've got, let's say, a 4K camera, you're going to increase the frame rate of your system by about a thousand times. Well, even HD is a thousand. Yeah, even HD. So, you know, and yes, there's going to be some noise in this system, and there's a slight delay between when you finish the one frame and you start the next frame, so there are lots of things you have to calibrate for, but it is practical. You point your camera at an LED and you just video it, and then the fact that these rows are slightly different is all you need to be able to start to do the same kind of power analysis we were just showing on the graph, right? And you haven't had to install any specialist hardware. You might have still had to put on a hat and pretend you weren't there, but, you know.

Um, so what this attack did was they used both an iPhone and also a standard IP camera that they could control, and they zoomed right in on two different LEDs. One of them was getting over to slightly less bright, and bearing in mind that these are RGB cameras, so they're producing red, green and blue values between nought and 255, you might see the average between these changing by one or two pixel values, right? Not a lot, but enough that you can see it. You know, there's another kind of smart card reader whose LED changes between blue and red depending on what it's up to, and so you can start to work out how long it's been processing for depending on what colors some of these LEDs are, right? And so they're similar attacks, different algorithms, different cryptographic protocols they're attacking, same kind of principle.

So I find this really, really interesting, because, you know, you think there's no way, I've made my smart card reader, I've used special algorithms or whatever, no one's getting into this, it's tamper-proof, all this kind of business, and you realize that your LED is just divulging your, uh, your secret key, and
that's not what you want. So in the paper they attack two different algorithms. One is elliptic curve DSA, which is used for digital signatures, very common in digital certificates. Um, another is, uh, SIKE, or supersingular, um, isogeny elliptic curve key exchange or something like that. Something like that, right. Which has its own problems actually, is now with many way, but it's one of these quantum-resistant algorithms, or at least it was until recently. Uh, so, um, two different algorithms, basically the same kind of problem. In a way, I think it's quite interesting how common these kinds of problems are across implementations, across different algorithms. When you're doing computation based on a secret, you'd better be sure that that computation is extremely consistent, because otherwise you're going to divulge what that secret is, which is, you know, really, really interesting.

That is a bad shirt for filming. But is it going to be... I'm not going to make you take it off, but look at the moiré. Can you see on there? I know. Do you think we can... I thought about it and I thought maybe we sort it out, like by zooming in or something. Or it all comes down to whatever resolution it ends up as and whatever, so there's not a lot we can do.
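
Added example, not part of the video or the paper: a toy Python model of the square-and-multiply leak described in the transcript, next to a square-and-multiply-always variant that also processes leading zeros. The S/M operation string stands in for the power or LED trace; BASE, MOD and the function names are assumptions made for this illustration, and KEY is the 8-bit example from the transcript.

```python
# Added illustration: the S/M operation sequence stands in for a power or LED trace.
# BASE and MOD are constructed toy values; KEY is the 8-bit example from the transcript.
BASE, MOD, KEY = 7, 1009, 0b10110011


def modexp_leaky(base, exp, mod):
    """Left-to-right square-and-multiply; the multiply runs only for 1 bits."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)


def bits_from_trace(trace):
    """Read exponent bits back from a leaky trace: 'SM' means 1, a lone 'S' means 0."""
    bits, i = [], 0
    while i < len(trace):
        if trace[i + 1:i + 2] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return "".join(bits)


def modexp_always(base, exp, mod, width=8):
    """Square-and-multiply-always over a fixed bit width.

    Every bit costs one square and one multiply, and leading zeros are
    processed too, so the operation sequence depends only on `width`.
    Python integers are not constant-time; this models the sequence of
    operations, not real hardware timing.
    """
    result, trace = 1, []
    for bit in format(exp, f"0{width}b"):
        result = (result * result) % mod
        product = (result * base) % mod
        trace.extend("SM")
        result = product if bit == "1" else result  # product is discarded for 0 bits
    return result, "".join(trace)


if __name__ == "__main__":
    value, trace = modexp_leaky(BASE, KEY, MOD)
    print(trace, "->", bits_from_trace(trace))
    for k in (KEY, 0b00000011, 0b11111111):
        print(format(k, "08b"), modexp_always(BASE, k, MOD)[1])
```

The leaky trace for a small exponent is also shorter, which is the same kind of leading-zeros signal the transcript mentions for the ECDSA timing variant; the fixed-width loop removes it in this model.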
Original Description
Extracting a secret key by simply watching the flickering of an LED? Sounds implausible but that's what we're discussing with Dr Mike Pound!
Author’s page on the attack:
Video-Based Cryptanalysis (nassiben.com)
Paper: https://bit.ly/C_PowerLED
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: https://bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at http://www.bradyharan.com